mailing list archives
Re: [Full-disclosure] Anonymous Web Attacks via DedicatedMobileServices
From: Petko Petkov <ppetkov () gnucitizen org>
Date: Mon, 25 Jul 2005 09:34:17 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Bojan Zdrnja wrote:
-----Original Message----- From:
full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of
Morning Wood Sent: Wednesday, 20 July 2005 5:02 a.m. To: Petko
Petkov; bugtraq () securityfocus com Cc:
full-disclosure () lists grok org uk Subject: Re: [Full-disclosure]
Anonymous Web Attacks via DedicatedMobileServices
google's language translation also does this..
Regarding Google - yes, if you log only connections. However, when
you use translate.google.com service, Google will add a new header
in the HTTP request:
X-Forwarded-For: <IP address>
All proxy servers should add this header, even in the case of
multiple proxying, in which case all IP addresses should be listed
under this header.
For Apache, there is even a mod_extract_forwarded module which
should change the connection so it looks like it's coming from the
IP behind the proxy server.
I don't see any special risk with this, even for mobile devices
(mentioned in the original post) -- a proxy just does it's job, no
matter which proxy it is. If Google keeps logs, even if you don't
save X-Forwarded-For header and parse them, you can find out who
visited the web page, if it goes to investigation.
_______________________________________________ Full-Disclosure -
We believe in it. Charter:
http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
sponsored by Secunia - http://secunia.com/
You are completely right that proxy servers do their job and it is
easy to trace back the intruder if this is the case. And you are right
that proxy servers have their own configuration files and log files.
Regarding Google ? no, Google is too big. If you compromise a server
in Romania I doubt that Google Inc. will be very helpful in this case.
Google has massive amount of log files that needs to be processed and
examined. Don?t get me wrong; I believe that Google has the power to
find your intruder.
The question is if everybody start hacking with WMLProxy, how
responsive Google would be?
On the other hand, it is very likely to see Web Attacks executed from
Simple Mobile Phones that have WAP enabled. Now, this is my concern.
An attacker can spend around £40 for cheap WAP device plus SIM. I
believe that it is a reasonable price for not going in jail.
X-Forwarded-For is a nice feature. I love it. Some people are not even
aware of it. But, in reality, it doesn?t works always the way we want it.
All the best,
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
-----END PGP SIGNATURE-----